A system administrator wants to prevent password compromises from offline password attacks.
Which of the following controls should be configured to BEST accomplish this task? (Select TWO)

A company recently experienced several security breaches that resulted in confidential data being
infiltrated form the network. The forensic investigation revealed that the data breaches were
caused by an insider accessing files that resided in shared folders who then encrypted the data
and sent it to contacts via third party email. Management is concerned that other employees may
also be sending confidential files outside of the company to the same organization. Management
has requested that the IT department implement a solution that will allow them to:
Track access and sue of files marked confidential, provide documentation that can be sued for
investigations, prevent employees from sending confidential data via secure third party email,
identify other employees that may be involved in these activities.
Which of the following would be the best choice to implement to meet the above requirements?

Which of the following BEST describes malware that tracks a user’s web browsing habits and
injects the attacker’s advertisements into unrelated web pages? (Select TWO)

The chief security officer (CSO) has issued a new policy to restrict generic or shared accounts on
company systems. Which of the following sections of the policy requirements will have the most
impact on generic and shared accounts?

Joe an end user has received a virus detection warning. Which of the following is the first course
of action that should be taken?

A company has several public conference room areas with exposed network outlets. In the past,
unauthorized visitors and vendors have used the outlets for internet access. The help desk
manager does not want the outlets to be disabled due to the number of training sessions in the
conference room and the amount of time it takes to get the ports either patched in or enabled.
Which of the following is the best option for meeting this goal?

An attacker unplugs the access point at a coffee shop. The attacker then runs software to make a
laptop look like an access point and advertises the same network as the coffee shop normally
does. Which of the following describes this type of attack?

A network administrator argues that WPA2 encryption is not needed, as MAC filtering is enabled
on the access point. Which of the following would show the administrator that wpa2 is also
needed?

A security director has contracted an outside testing company to evaluate the security of a newly
developed application. None of the parameters or internal workings of the application have been
provided to the testing company prior to the start of testing. The testing company will be using:

While preparing for an audit a security analyst is reviewing the various controls in place to secure
the operation of financial processes within the organization. Based on the pre assessment report,
the department does not effectively maintain a strong financial transaction control environment
due to conflicting responsibilities held by key personnel. If implemented, which of the following
security concepts will most effectively address the finding?